Bugtraq mailing list archives
Re: Possible SERIOUS bug in open()?
From: mem () MV MV COM (Mark E. Mallett)
Date: Sat, 25 Oct 1997 15:45:21 -0400
What about the higher flag bits? (O_APPEND, O_CREAT, ...)
ah, right.
this would be much more clear and much less error-prone if this was done explicitly instead of with a clever hack that obfuscates the operation.
Agreed. Heck, for clarity I even prefer a style of if (flags == 0) over if (!flags) but I'm probably the only one.
Implementing it in this way makes it clear what to do:

    switch(uap->flags & O_ACCMODE) {
    case O_RDONLY:
        lowbits = FREAD;
        break;
    case O_WRONLY:
        lowbits = FWRITE;
        break;
    case O_RDWR:
        lowbits = FREAD | FWRITE;
        break;
    default:
        return EINVAL;
    }
    flags = (uap->flags & ~O_ACCMODE) | lowbits;
Would probably want to move this above the opening falloc() also.

mm
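Added example, not part of the original message or of any kernel source: a user-space comparison of the explicit switch above with an add-one conversion, showing what each does with access mode 3 and with the higher flag bits. The X_ constants use the traditional BSD numeric values, and treating the "clever hack" as `oflags + 1` is an assumption; the function names are hypothetical.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed constants with traditional BSD values (assumption); the X_
 * prefix keeps them from clashing with the system's <fcntl.h>. */
#define X_O_RDONLY  0x0000
#define X_O_WRONLY  0x0001
#define X_O_RDWR    0x0002
#define X_O_ACCMODE 0x0003
#define X_O_APPEND  0x0008
#define X_O_CREAT   0x0200
#define X_FREAD     0x0001
#define X_FWRITE    0x0002

/* Arithmetic conversion (assumed form of the hack): works only because
 * O_RDONLY/O_WRONLY/O_RDWR plus one happen to equal FREAD/FWRITE/both. */
static int fflags_add_one(int oflags) { return oflags + 1; }

/* Explicit conversion from the message: validate the access mode, then
 * merge the translated low bits with the untouched higher flag bits.
 * Returns 0 and stores the result in *out, or EINVAL for access mode 3. */
static int fflags_explicit(int oflags, int *out)
{
    int lowbits;

    switch (oflags & X_O_ACCMODE) {
    case X_O_RDONLY: lowbits = X_FREAD; break;
    case X_O_WRONLY: lowbits = X_FWRITE; break;
    case X_O_RDWR:   lowbits = X_FREAD | X_FWRITE; break;
    default:         return EINVAL;
    }
    *out = (oflags & ~X_O_ACCMODE) | lowbits;
    return 0;
}

/* Nonzero when a converted value carries neither FREAD nor FWRITE. */
static int grants_no_access(int fflags) { return (fflags & (X_FREAD | X_FWRITE)) == 0; }

int main(void)
{
    int out = 0;
    int bad = X_O_ACCMODE | X_O_APPEND;           /* access mode 3 */
    int rc = fflags_explicit(bad, &out);
    printf("add-one: 0x%x (no access bits: %d)  explicit: %s\n",
           fflags_add_one(bad), grants_no_access(fflags_add_one(bad)),
           rc == EINVAL ? "EINVAL" : "ok");
    return 0;
}
```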
